In the modern world of networked transaction processing, authentication is only way to validate requests for financial services and other demands with any degree of security or data integrity. However, even with the current widespread use of encryption, security codes and personal identification numbers (PINs), existing systems are subject to various types of attacks or hacking. Such security breaches may, for example, be carried out through keyboard hooks and other data-sniffing techniques, magnetic card duplicators, smartcard emulators, and so forth.
At the same, the number of electronic devices applicable to transaction and data processing has grown, including not only dedicated terminals adapted for such uses, but general-purpose computing machinery, personal and digital assistants (PDAs), laptop, palmtop and notebook computers.
Existing authentication devices are deeply connected to computers or other devices such as cable/satellite decoders to validate a particular transaction. As such, these devices represent a single point of attack for hackers who can emulate the authentication device, hook communication between the device and the software stored inside the “computer.” or even record and play communication packets.
To prevent such activities, the industry is working on protocols to enable these devices to operate securely. But protocols have their own weaknesses in the sense that when they are implemented and successfully attacked, patches may become available for widespread use on internet for free.
Accordingly, the need remains for a system which allows the use of these alternative devices, including portable devices, while, at the same time, provides a level of security, scalability and transparency in conjunction with existing infrastructures which is at least as good, and preferably much higher, than systems currently in use.